Professional

I work at UC Santa Cruz in a technical leadership role in information security. Before UCSC, I worked as a systems and network engineer in a team working on bioinformatics metadata at Stanford University School of Medicine.

Through my past consulting work, I've provided excellent IT infrastructure for nice folks who do good work.

From 2011-2015, I was a technical lead in the areas of systems, networking, and information security at Sungevity, a multi-national solar company. My work was called out by a major investor as a significant factor in their decision to invest. After I left, the co-founding CEO wrote this of my work:

Graham is a real talent. He demonstrated the rare gift of mixing technical leadership with organizational leadership and people skills. His personable style, hard-work ethic, high-integrity, and passion for his role set him out as a gifted member of the team - combining his technical expertise (first class) with passion and zeal for the mission at Sungevity. I strongly recommend Graham for future roles in high-growth, challenging technical environments and roles that need the combination of technical and business skills.
-- Andrew Birch, Co-Founder & CEO, Sungevity, May 2017

Prior to that, I co-founded and helped run several cooperatives and public-benefit organizations.

Personal

Most importantly, I'm a doting (single) dad, and I have a strong interest in engaging in the world around me. I'm especially fond of intentional community, e-bikes, solar power, sea kayaking, and photography.

[1] There is a well-reasoned debate in which at least one brilliant infosec mind makes a powerful case against the use of DNSSEC. By using DNSSEC on my personal portfolio, I intend only to demonstrate my competence in its use, and suggest that it can be worth using under the right circumstances (with an appropriate threat model). I respect the arguments against the use of DNSSEC, and factor them in to my decisionmaking process.